Microsoft IIS FTP Server 'Malformed FTP List Request' DOS Vulnerability Network Vulnerability

Summary

This host is missing important security update according to Microsoft Bulletin MS99-033.

Impact

Successful exploitation will allows remote users to crash the application leading to denial of service condition or execute arbitrary code. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link. http://technet.microsoft.com/en-us/security/bulletin/ms99-033

Insight

The FTP service in IIS has an unchecked buffer in a component that processes 'list' commands. A constructed 'list' request could cause arbitrary code to execute on the server via a classic buffer overrun technique.

Affected

Microsoft Internet Information Services version 3.0 and 4.0

References

http://en.securitylab.ru/nvd/246545.php
http://technet.microsoft.com/en-us/security/bulletin/ms99-003

Updated on 2015-03-25

Severity

Classification

CVE CVE-1999-0349

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Certificate Validation Flaw Could Enable Identity Spoofing (Q328145)
Cumulative Security Update for Internet Explorer (956390)
Microsoft .NET Common Language Runtime Remote Code Execution Vulnerability (2265906)
ISA Server 2000 and Proxy Server 2.0 Internet Content Spoofing (888258)
Microsoft .NET Framework Remote Code Execution Vulnerability (2693777)

Take action and discover your vulnerabilities